Security issue - or not? (remote trigger SMC startup)

Hi,
During installation of a few zones on a Sol10U2 system today, I noticed that simply running an nmap scan on a freshly installed and booted zone would cause the SMC to start:
Starting Solaris Management Console server version 2.1.0.
endpoint created: :898
Adding instance of solaris_providerpath
Adding class Solaris_LocalFileSystem
Adding class Solaris_Directory
Adding class Solaris_Mount
Adding class Solaris_UFS
Adding class Solaris_HSFS
Adding class Solaris_UFSMount
Adding class Solaris_HSFSMount
Adding class Solaris_LocalFSResidesOnExtent
Compilation succeeded.
Adding class Solaris_DiskDrive
Adding class Solaris_DiskPartition
Adding class Solaris_MediaPresent
Adding class Solaris_LogicalDisk
Adding class Solaris_PhysicalMedia
Adding class Solaris_Disk
Adding class Solaris_PhysicalPackage
Adding class Solaris_RealizesExtent
Adding class Solaris_RealizesDiskPartition
Adding class Solaris_RealizesDiskDrive
Adding class Solaris_DiskPartitionBasedOnDisk
Adding class Solaris_DiskPartitionBasedOnFDisk
Adding class Solaris_SCSIController
Adding class Solaris_IDEController
Adding class Solaris_MPXIOController
Adding class Solaris_USBSCSIController
Adding class Solaris_GenericController
Adding class Solaris_SCSIInterface
Adding class Solaris_MPXIOInterface
Adding class Solaris_IDEInterface
Adding class Solaris_ExtraCapacityGroup
Adding class Solaris_MPXIOGroup
Adding class Solaris_ControllerLogicalIdentity
Adding class Solaris_MPXIOCtrlrLogicalIdentity
Adding class Solaris_ControllerComponent
Adding class Solaris_MPXIOComponent
Adding class Solaris_StorageLibrary
Compilation succeeded.
Adding class CIM_ManagedElement
Adding class CIM_SettingData
Adding class CIM_Share
Adding class CIM_FileShare
Adding class CIM_NFSShare
Adding class CIM_SharedElement
Adding class CIM_HostedShare
Compilation succeeded.
Adding class Solaris_NFSShare
Adding class Solaris_NFSShareSecurity
Adding class Solaris_NFS
Adding class Solaris_PersistentShare
Adding class Solaris_MountSetting
Adding class Solaris_NFSMountSetting
Adding class Solaris_ShareSetting
Adding class Solaris_NFSShareSetting
Adding class Solaris_ShareService
Adding class Solaris_MountService
Adding class Solaris_NFSMount
Adding class Solaris_NFSShareSecurityModes
Adding class Solaris_NFSShareDefSecurityMode
Adding class Solaris_HostedShare
Adding class Solaris_PersistentShareConfiguration
Adding class Solaris_PersistentShareForSystem
Adding class Solaris_NFSShareEntry
Adding class Solaris_SharedElement
Adding class Solaris_NFSExport
Adding class Solaris_SharedFileSystem
Compilation succeeded.
Adding instance of solaris_providerpath
Adding instance of solaris_providerpath
Adding class Solaris_VMStateDatabase
Adding class Solaris_VMSoftPartition
Adding class Solaris_VMExtent
Adding class Solaris_VMStripe
Adding class Solaris_VMConcat
Adding class Solaris_VMMirror
Adding class Solaris_VMRaid5
Adding class Solaris_VMTrans
Adding class Solaris_VMHotSparePool
Adding class Solaris_VMDiskSet
Adding class Solaris_VMStorageVolume
Adding class Solaris_VMConcatComponent
Adding class Solaris_VMDriveInDiskSet
Adding class Solaris_VMExtentBasedOn
Adding class Solaris_VMSoftPartComponent
Adding class Solaris_VMExtentInDiskSet
Adding class Solaris_VMHostInDiskSet
Adding class Solaris_VMHotSpareInUse
Adding class Solaris_VMHotSpares
Adding class Solaris_VMMirrorSubmirrors
Adding class Solaris_VMRaid5Component
Adding class Solaris_VMStatistics
Adding class Solaris_VMStripeComponent
Adding class Solaris_VMTransLog
Adding class Solaris_VMTransMaster
Adding class Solaris_VMUsesHotSparePool
Adding class Solaris_VMVolumeBasedOn
Adding class Solaris_DiskIOPerformanceMonitor
Compilation succeeded.
Adding instance of solaris_providerpath
Adding class Solaris_ActiveUser
Adding class Solaris_ActiveProject
Adding class Solaris_ProcessStatisticalInformation
Adding class Solaris_UserProcessAggregateStatisticalInformation
Adding class Solaris_ProjectProcessAggregateStatisticalInformation
Adding class Solaris_ProcessStatistics
Adding class Solaris_ActiveUserProcessAggregateStatistics
Adding class Solaris_ActiveProjectProcessAggregateStatistics
Compilation succeeded.
Registration setup: 8/8 (Executing SUNWpmgr_reg.sh)
Registering components: 64/64 (Registering PatchMgrCli.jar)                 er)
Solaris Management Console server is ready.
For interest, the nmap result is:
toby@deepthought ~ $ nmap -v 192.168.1.122
Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-08-29 20:39 EDT
DNS resolution of 1 IPs took 0.23s. Mode: Async [#: 2, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating Connect() Scan against 192.168.1.122 [1672 ports] at 20:39
The Connect() Scan took 44.49s to scan 1672 total ports.
Host 192.168.1.122 appears to be up ... good.
Interesting ports on 192.168.1.122:
(The 1662 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
23/tcp   open  telnet
79/tcp   open  finger
111/tcp  open  rpcbind
513/tcp  open  login
514/tcp  open  shell
898/tcp  open  sun-manageconsole
4045/tcp open  lockd
7100/tcp open  font-service
Nmap finished: 1 IP address (1 host up) scanned in 44.874 seconds
(port 7100 is actually a non-standard VNC server which was carried over from the global zone)
Of course, this is immediately before running Solaris Security Toolkit (jass) to apply a secure profile.
Does it matter that this SMC startup can be triggered so easily remotely?

It just struck me odd that simply port-scanning the
machine could produce this behaviour, and I wonder if
it might be a security issue.

Probably not directly. Sun has distributed several items in the past that launch via inetd connections (calendar manager and font server were two common ones). Just because it launches doesn't mean it's a security problem. The application itself may require authentication after running.
Of course the resources required by the process may be non-trivial, and the application may have security issues, but the fact that it launches isn't a direct indication of a problem.
Darren
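
An added example, not part of the original posts: since the poster is about to apply a hardening profile, the scan above can be turned into a repeatable exposure check that flags every open port outside an expected baseline and shows what a re-scan still leaves listening. The SSH-only baseline and the "after" scan are assumptions constructed for illustration.

```python
import re

# Constructed sample: the port table from the nmap run quoted in the post above.
SCAN_BEFORE = """\
Interesting ports on 192.168.1.122:
(The 1662 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
23/tcp   open  telnet
79/tcp   open  finger
111/tcp  open  rpcbind
513/tcp  open  login
514/tcp  open  shell
898/tcp  open  sun-manageconsole
4045/tcp open  lockd
7100/tcp open  font-service
"""

# Constructed (hypothetical) re-scan after hardening, for illustration only.
SCAN_AFTER = """\
PORT     STATE SERVICE
22/tcp   open  ssh
898/tcp  open  sun-manageconsole
"""

# One row of nmap's normal-output port table: "898/tcp  open  sun-manageconsole"
PORT_LINE = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)\s+(\S+)\s*$")

# Assumed policy for this example: only SSH is expected on a hardened zone.
BASELINE = {(22, "tcp")}
# Legacy services in this scan that send all traffic unencrypted.
CLEARTEXT = {"ftp", "telnet", "finger", "login", "shell"}


def parse_open_ports(text):
    """Return {(port, proto): service} for every port reported as open."""
    ports = {}
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if not m:
            continue  # banner, header, or summary line
        port, proto, state, service = int(m.group(1)), m.group(2), m.group(3), m.group(4)
        if state == "open" and 0 < port <= 65535:
            ports[(port, proto)] = service
    return ports


def audit(text, baseline=BASELINE):
    """List (port, proto, service, reason) for open ports outside the baseline."""
    findings = []
    for (port, proto), service in sorted(parse_open_ports(text).items()):
        if (port, proto) in baseline:
            continue
        reason = "cleartext legacy service" if service in CLEARTEXT else "not in baseline"
        findings.append((port, proto, service, reason))
    return findings


def hardening_delta(before, after, baseline=BASELINE):
    """Return (ports closed by hardening, ports still open outside the baseline)."""
    b, a = parse_open_ports(before), parse_open_ports(after)
    closed = sorted(set(b) - set(a))
    remaining = sorted(k for k in a if k not in baseline)
    return closed, remaining


if __name__ == "__main__":
    for port, proto, service, reason in audit(SCAN_BEFORE):
        print(f"{port}/{proto:<4} {service:<18} {reason}")
    closed, remaining = hardening_delta(SCAN_BEFORE, SCAN_AFTER)
    print("closed by hardening:", closed)
    print("still exposed:", remaining)
```

A listener that survives the second scan, such as port 898 in the constructed sample, is the one to trace back to the service that starts it on demand.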

Similar Messages

  • Security issue to access remote ejbs, URGENT!!! please and thanks.

    Hi gurus:
    I have questions for you. I need to access remote ejbs. the ejb(beans) have been
    deployed on remote machine. I have helper class file to do JNDI lookup to point
    the machine and find it.
    I have local machine to have all of home interfaces, remote interfaces and stub
    classes and common classes. I have local jsp and config weblogic-web.xml to allow
    test user to access.
    Sometimes fine but got the following message and error from my local machine.
    I have no clue about that. Is any other issue that remote machine have security
    to limit clients to access beans. Because remote wl server startup as system/weblogic.
    If my local machine startup as system/weblogic too. It has no problem at all.
    This doesn't make sense for my local machine has to have same system's password
    as remote machine. Should have some issues to limit clients to access remote beans.
    Thank you for any helps and suggestions in advance.
    Steven.
    ####<Jun 7, 2001 10:34:25 AM CDT> <Error> <HTTP> <stevenzhu> <myserver> <ExecuteThread-14>
    <springbow> <> <101020> <[WebAppServletContext(8365803,public_html)] Servlet failed
    with Exception>
    java.lang.SecurityException: Authentication for user test denied in realm wl_realm
    at weblogic.rmi.internal.AbstractOutboundRequest.sendReceive(AbstractOutboundRequest.java:90)
    at weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java:247)
    at weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java:225)
    at weblogic.jndi.internal.ServerNamingNode_WLStub.lookup(ServerNamingNode_WLStub.java:121)
    at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:323)
    at com.sprint.common.util.EJBHelper.getHomeInterface(EJBHelper.java:172)
    at com.sprint.common.util.EJBHelper.getOrganizationSLHome(EJBHelper.java:122)
    at com.sprint.common.organization.OrganizationBean.getOrganizationHome(OrganizationBean.java:290)
    at com.sprint.common.organization.OrganizationBean.getOrganizationRemote(OrganizationBean.java:315)
    at com.sprint.common.organization.OrganizationBean.findEmployee(OrganizationBean.java:107)
    at jsp_servlet._ehr._vieworganizationalhierarchy._jspService(_vieworganizationalhierarchy.java:173)
    at weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
    at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:208)
    at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:1127)
    at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:1529)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)

    well, if we post in other threads, they tell me that it is ARD and server technology. If you try to post back to my mac in the normal threads about Leopard, they point us to this thread.
    It seems that a lot of people are frantically looking for someone who can explain in plain English how to do the remote desktop - is remote desktop the same technology as back to my mac?
    Extremely frustrating for people like me who don't have unix or programming language experience... We choose for mac because we wanted user friendliness... What a joke!

  • Sandbox Security Issue (MIDI Not Working In Applet)

    Hi all,
    I'm having problems getting javax.sound.midi to work in a java applet. It works fine when I run the applet from within JGrasp, but when I try to run the applet from an HTML file there is no sound. From what info I've found, it seems like my problem has to do with the sandbox security so the applet is not being able to access the computer's sound card, but I still haven't found a solution or a work around to that problem (after about 2 weeks worth of searching). The world of applet security is all new territory for me.
    I am running the html file off of my hard drive and I have my test program's class file in the same directory. I have tried both firefox and internet explorer web browsers (and also did the "allow blocked content" in internet explorer).
    I have no other sound sources playing or paused that would interfere with the web browser playing (it works in JGrasp and immediately after closing JGrasp completely it doesn't work in the web browser).
    Any help in getting this figured out would be greatly appreciated. An example of an open source MIDI Java applet that I can pick apart to figure out what I need to make this work would be fantastic. Thanks in advance!
    Here are the codes to my test program and HTML file:
    PlayMIDI.html
    <html>
    <body>
    <CENTER><applet code="PlayMIDI.class" width="1000" height="500"></applet></CENTER>
    </body>
    </html>
    PlayMIDI.java
    import java.awt.*;
    import java.awt.event.*;
    import javax.swing.*;
    import javax.swing.event.*;
    import java.net.*;
    import javax.sound.midi.*;
    public class PlayMIDI extends JApplet
    {
        public void init()
        {
            MIDITest play = new MIDITest(0);
            play.playSong(100);
        }
    }
    class MIDITest
    {
        private final int C4 = 60;                       // C4 is the note middle C
        private final int MF = Integer.MAX_VALUE / 2;    // MF stands for mezzo forte -- medium loud
        private int iTimbre;                             // midi instrument number
        private Synthesizer synth;                       // the java synthesizer
        private MidiChannel [] channels;                 // array of channels. This is the number of notes that can sound simultaneously
        // Creates a midi synthesizer using the supplied instrument "patch".
        //   instrument numbers can vary from 0 to 127
        public MIDITest(int instrumentNumber)
        {
            iTimbre = instrumentNumber;
            try
            {   synth = MidiSystem.getSynthesizer();                      // get the default synthesizer
                synth.open();                                             // open the synthesizer
                synth.loadAllInstruments(synth.getDefaultSoundbank());    // make all instruments available
                channels = synth.getChannels();
                channels[0].programChange(0, iTimbre);                    // set the instrument for the channel 0
            }
            catch (Exception e)
            {   System.out.println(e);
            }
        }
        public void playSong(int tempo)
        {
            int quarter = 60000;
            int eigth = 30000;
            int half = 120000;
            int whole = 240000;
            int D4 = C4 + 2;
            int E4 = C4 + 4;
            int G4 = C4 + 7;
            int A4 = C4 + 9;
            int B4 = C4 + 11;
            try
            {   channels[0].noteOn(E4, MF);          // start the instrument on channel 0 sounding
                channels[0].noteOn(B4, MF);
                channels[0].noteOn(G4, MF);
                channels[0].noteOn(D4, MF);
                Thread.sleep(whole / tempo);         // sleep causes the program to wait the given number of milliseconds
                channels[0].noteOff(E4, MF);         // stop the sound on the instrument on channel 0
                channels[0].noteOff(B4, MF);
                channels[0].noteOff(G4, MF);
                channels[0].noteOff(D4, MF);
            }
            catch (Exception e)
            {   System.out.println(e);
            }
        }
    }

    Hi ejp, thanks for the reply.
    I did some searching for applet signing and I found this:
    http://www.brendonwilson.com/projects/signed-java/
    "Developers should be warned that signing alone is not enough to enable their Java applets to access resources normally restricted by the Java sandbox. Although signing provides proof of the integrity of the applet and validation of the author’s identity through trust-heirarchies, developers must also make use of the browser-dependent APIs to request permission from the user to perform restricted activities."
    So am I going to have to ask permission from each browser in order to get access to the sound card for the MIDI to play or will the MIDI work without that?
    Also, I found this tutorial on signing applets. Does this look like a good one?
    http://www-personal.umich.edu/~lsiden/tutorials/signed-applet/signed-applet.html
    Thanks again,
    -tkr

  • Samba 3.2.6 patch for security issue

    I know the security issue is hard to trigger, but I created a new PKGBUILD for samba 3.2.6 containing the patch.
    Excerpt from the patch commentary:
    commit 288fa94ac7cfdf7457b5098c33fc840bed3d5410
    Author: Michael Adam <[email protected]>
    AuthorDate: Thu Dec 18 18:01:55 2008 +0100
    Commit: Karolin Seeger <[email protected]>
    CommitDate: Fri Dec 19 08:30:23 2008 +0100
    smbd: prevent access to root filesystem when connecting with empty service name
    This only applies to a setup with "registry shares = yes"
    Michael
    And here's the PKGBUILD:
    # $Id: PKGBUILD 22200 2008-12-22 22:24:26Z tpowa $
    # Maintainer: judd <[email protected]>
    pkgname=samba
    pkgver=3.2.6
    # We use the 'A' to fake out pacman's version comparators. Samba chooses
    # to append 'a','b',etc to their subsequent releases, which pacman
    # misconstrues as alpha, beta, etc. Bad samba!
    _realver=3.2.6
    pkgrel=2.1
    pkgdesc="Tools to access a server's filespace and printers via SMB"
    arch=(i686 x86_64)
    url="http://www.samba.org"
    license=('GPL3')
    backup=(etc/logrotate.d/samba etc/pam.d/samba etc/samba/smb.conf etc/xinetd.d/swat etc/conf.d/samba)
    depends=('db>=4.7' 'popt' 'libcups' 'acl' 'libldap' 'smbclient=3.2.6' 'libcap' 'heimdal>=1.2-1' 'pam' 'fam' 'gnutls>=2.4.1' 'tdb=3.2.6')
    options=(!makeflags)
    source=(http://us1.samba.org/samba/ftp/stable/${pkgname}-${_realver}.tar.gz \
    no-clients.patch samba samba.logrotate swat.xinetd samba.pam samba.conf.d \
    ftp://us1.samba.org/pub/samba/patches/security/samba-3.2.6-CVE-2009-0022.patch)
    build() {
    cd ${srcdir}/${pkgname}-${_realver}/source
    patch -Np2 -i ${srcdir}/no-clients.patch || return 1
    patch -Np2 -i ${srcdir}/samba-3.2.6-CVE-2009-0022.patch || return 1
    ./configure --prefix=/usr --with-configdir=/etc/samba \
    --with-lockdir=/var/cache/samba \
    --with-piddir=/var/run/samba \
    --with-fhs --with-pam --with-ads --with-acl-support \
    --without-cifsmount --without-libsmbclient \
    --with-syslog --with-pam_smbpass \
    --localstatedir=/var --disable-dnssd --libdir=/usr/lib/samba
    make || return 1
    mkdir -p ${pkgdir}/var/log/samba
    mkdir -p ${pkgdir}/etc/samba/private
    chmod 700 ${pkgdir}/etc/samba/private
    make DESTDIR=$startdir/pkg install
    chmod 644 ${pkgdir}/usr/include/*.h
    rm -rf ${pkgdir}/usr/var
    (cd script; cp installbin.sh i; cat i | sed 's/\/sbin\///' > installbin.sh)
    install -D -m755 ../../samba ${pkgdir}/etc/rc.d/samba
    install -D -m644 ../../samba.conf.d ${pkgdir}/etc/conf.d/samba
    mkdir -p ${pkgdir}/etc/samba
    cat ../examples/smb.conf.default | \
    sed 's|log file = .*$|log file = /var/log/samba/log.%m|g' >${pkgdir}/etc/samba/smb.conf.default
    install -D -m644 ../../samba.logrotate ${pkgdir}/etc/logrotate.d/samba
    install -D -m644 ../../swat.xinetd ${pkgdir}/etc/xinetd.d/swat
    install -D -m644 ../../samba.pam ${pkgdir}/etc/pam.d/samba
    # symlink libs
    for i in ${pkgdir}/usr/lib/samba/libsmbshare*; do
    ln -sf samba/$(basename $i) ${pkgdir}/usr/lib/$(basename $i)
    done
    # spool directory
    install -d -m1777 ${pkgdir}/var/spool/samba
    sed -i 's|/usr/spool/samba|/var/spool/samba|g' ${pkgdir}/etc/samba/smb.conf.default
    # fix logrotate
    sed -i -e 's|log.%m|%m.log|g' ${pkgdir}/etc/samba/smb.conf.default
    # nsswitch libraries
    install -D -m755 nsswitch/libnss_wins.so ${pkgdir}/lib/libnss_wins.so
    ln -s libnss_wins.so ${pkgdir}/lib/libnss_wins.so.2
    install -D -m755 nsswitch/libnss_winbind.so ${pkgdir}/lib/libnss_winbind.so
    install -D -m755 bin/pam_winbind.so ${pkgdir}/lib/security/pam_winbind.so
    # remove conflict files of smbclient and tdb
    for man in libsmbclient smbspool \
    umount.cifs mount.cifs net; do
    rm -f ${pkgdir}/usr/share/man/man8/${man}.8
    done
    for i in libnetapi* libtdb* libtalloc* libwbclient*; do
    rm -f ${pkgdir}/usr/lib/samba/$i
    done
    rm -f ${pkgdir}/usr/bin/tdbbackup
    rm -f ${pkgdir}/usr/include/{tdb.h,talloc.h,netapi.h}
    for man in rpcclient smbcacls smbclient smbcquotas \
    smbtree smbtar nmblookup smbget; do
    rm -f ${pkgdir}/usr/share/man/man1/${man}.1
    done
    rm -f ${pkgdir}/usr/share/man/man7/libsmbclient.7
    rm -f ${pkgdir}/usr/include/libsmbclient.h
    }
    md5sums=('0cd27c7afbb8211616eea4010f32271c'
    'a676f0dde2c434aeb5125376b8797a64'
    'e93533fa2296c07c1f645dfdd373657f'
    '5697da77590ec092cc8a883bae06093c'
    'a4bbfa39fee95bba2e7ad6b535fae7e6'
    '96f82c38f3f540b53f3e5144900acf17'
    'f2f2e348acd1ccb566e95fa8a561b828'
    'e15ab37115101cf3a8d110f0c1f8e29e')
    I think a security task force should be initiated (I know discussions existed, but I don't know what were the consequences), so that important packages (like those providing services) could be updated in a timely manner. This is a minor issue as I stated earlier, but it could be worse. Those interested, let's initiate a discussion with the developers of important packages and try to get some things working. People (mostly trusted users) who can generate early packages are welcome, so that they can provide early versions of unvulnerable packages.

    ckristi wrote: I don't know about other packages, but I believe when I checked the PKGBUILD for PHP, that the security fix was included in 5.2.7.
    Check http://repos.archlinux.org/viewvc.cgi/p … iew=markup for more info.
    And don't get me wrong, I am a little bit concerned about the way vulnerabilities are treated in Arch, 'cause my home server is running this distro.
    And I really would think we should start some serious discussions about this security issues and the way they should be treated. I know the developers are doing their best and I'm not going to put fingers at all. They should be helped in maintaining packages for important services. We'll benefit from it and their tasks would be easier.
    Why don't you start a wiki page tracking the latest vulnerabilities disclosed on various security mailing lists which are not fixed in arch. This will make it much easier for the devs.
    This thing has been already discussed multiple times and already a wiki page exists for Arch Security Team but it seems nobody followed up with that.
    http://wiki.archlinux.org/index.php/Security_Task_Force

  • WSUS Sync is not working Sync failed: UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. --- System.Security.Authentication.AuthenticationException: The remote

    I know there are loads of posts with same issue and most of them were related to proxy and connectivity .
    This was case for me as well (few months back). Now the same error is back. But I've confirmed that FW ports and proxy are fine this time around.
    server is configured on http port 80 
    ERROR
    Sync failed: UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid
    according to the validation procedure.~~at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request). Source: Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WSyncAction.WSyncAction.SyncWSUS
    I've checked proxy server connectivity. I'm able browse following site from WSUS server
    http://catalog.update.microsoft.com/v7/site/Home.aspx?sku=wsus&version=3.2.7600.226&protocol=1.8
    I did telnet proxy server on the particular port (8080) and that is also fine.
    I've doubt on certificates, any idea which are the certificates which we need to look? And if certificate is expired then (my guess) we won't be able open the above mentioned windows update catalog site?
    Any tips appreciated !
    Anoop C Nair (My Blog www.AnoopCNair.com)
    - Twitter @anoopmannur -
    FaceBook Forum For SCCM

    Hi Lawrence ! - Many thanks for looking into this thread and replying. Appreciate your help.
    Your reply  ("SSL is enabled/configured, and the certificate being used is invalid
    (or the cert does not exist or cannot be obtained), or the SSL connection could not be established.") is very helpful.
    I've already tested CONTENT DOWNLOAD and it's working fine. WSUS Sync was also working fine for years with proxy server configured on port (8080) and WSUS server on port 80.
    My Guess (this is my best guess ;)) is this something to do with Firewall or Proxy side configuration rather than WSUS. However, I'm not finding a way to prove this to proxy/firewall team. From their perspective all the required port communication open and
    proxy server is also reachable. More over we're able to access internet (Microsoft Update Catalog site) over same port (8080).
    Any other hints where I can prove them it's a sure shot problem from their side.
    Thanks again !!
    Anoop C Nair (My Blog www.AnoopCNair.com)
    - Twitter @anoopmannur -
    FaceBook Forum For SCCM

  • Can I create a form that doesn't trigger Acrobat's JavaScript disabled / security issues warning?

    Hello,
    Can I create a pdf that doesn't trigger Acrobat's JavaScript is currently disabled and this document uses it for some features.  Enabling JavaScript can lead to potential security issues.
    I even get this error when I create a blank pdf.
    I'm not using any JavaScript in the form and the nature of the message might tend to be a bit scary to some people since it mentions enabling JS can lead to potential security issues.  I basically want to disable the messaging of a feature I'm not even using.
    Anyone know if this is possible and if so, how I go about it?
    Thank you.

    Hi,
    I too share your frustration!!
    Unfortunately I do not have a complete answer for you.
    From the start I must say that Stefan Cameron has been very helpful (http://forms.stefcameron.com/2010/01/14/acrobatreader-9-3-now-available/), however I have not had sufficient time available to deal with the issue (or find a satisfactory resolution).
    The original post that Srini shared with you related to an XFA form that had FormCalc and Javascript in it. I will now share with you another situation that is closer to your experiences.
    Sometimes where we have a complex solution/form, we often give our users a PDF with instructions and demonstrations. We generate these using Adobe products:
    LiveCycle Designer ES to generate the solution/form;
    Captivate to record the demonstration (.swf);
    Acrobat to package it up in a static PDF.
    The screen shots below are from a PDF that includes written instructions and six Flash (.swf) files. The PDF does NOT include fields/form objects and does NOT include any FormCalc or Javascript.
    One of the big sells in Acrobat 9 was that Adobe had fully integrated Flash (Adobe product, ex. Macromedia) into Acrobat 9. This mean that .swf files could run natively inside a PDF. Brilliant!!!  The website today is still pushing this message, for example:
    Now bear in mind that the following screenshots are from a PDF that does not contain any scripting - its sole purpose is to "inform" the user, "look as good as the work I put into it", incorporate instruction and "multimedia" in a "single polished file" and I should be "confident that my audience will be able to view my work exactly as intended".
    Not so!!
    When the user now opens the form, all looks OK. No warning. They can read the instructions and scroll down to the multimedia (.swf files).
    However when the user clicks on the multimedia, the yellow bar appears:
    I go through the "trust" process:
    And the PDF looks like it is OK, no yellow bar. When I click on the multimedia, it begins to play - yes!! BUT ONLY FOR A SECOND OR TWO AND THEN IT STOPS AND GOES BACK TO THE START - AGGGGHHHHHHH!!!!!. I would apologise for shouting, but this is beyond frustration. The work in capturing six screencasts in Captivate, annotating them, publishing to .swf and packaging up in Acrobat has been a complete waste of time. Worse than that I now have several PDFs out there, that do not work. Good advertisement for my business? I don't think so!!
    The document that Stefan provided (Managing JavaScript Execution in the Acrobat Family of Products) does not mention Flash/.swf as being a problem. However I would recommend that you go through this document, as it may help you.
    So, where to now? I don't know. The previous posts and Stefan's responses have several urls that may help. You should maybe consider logging your experiences as a bug (log at Adobe).
    In the meantime good luck,
    Niall
    UPDATE:
    This behaviour (.swf playing for only a few seconds) happens in PDFs where the .swf is inserted as legacy media to run in earlier versions of Acrobat/Reader. In this case Acrobat/Reader is making an external call to Flash Player. Hence the yellow bar. However it does not explain why the Flash video still does not play when trusted.
    If the .swf is added into the PDF as Flash media to run on Acrobat 9 and above, then it works without displaying the yellow warning bar.
    So maybe any feature of your PDF that calls an external resource is likely to show the yellow warning bar.

  • Remote Management Multi-User security issue

    Hello,
    This issue concerns both Mountain Lion and Lion servers. If I'm not mistaken, the issue is also officially described by Apple in the Lion release about Remote Management vs Screen Sharing features.
    My question is simple and yet unanswered after hundreds of Internet searches:
    Why on earth a non-Admin user has the right to Share and Control the screen of another (Admin) user being logged-in a (Mountain) Lion server? It looks like the trick is that "Remote Management" instead of "Screen Sharing" is active. So what? Why a non-Admin should be allowed at all to view another users desktop just by typing-in his/her own credentials?
    Am I missing something or is Apple really out-of-security context? Our admin devoted significant effort to arrange access for the shared directories. For what? To find out that the Screen Sharing security under ARD Management (Remote Management) is non-existent?
    Am I terribly wrong?
    Any feedback will be highly appreciated.
    D.

    http://www.apple.com/feedback/

  • Can not view slideshows or create a book on Snapfish.  SF IT folks say it's a security issue on my end.  Any ideas?

    Can not view slideshows or create a book on Snapfish.  SF IT folks say it's a security issue on my end.  Any ideas?

    You will need to contact Snapfish to find out their system requirements and which plugin you need
    - http://support.snapfish.com/app/answers/detail/a_id/669/brand/3

  • I updated some security issues and suddenly my gmail does not open. it shows 75% of the process and does not go on

    I updated automatically some security issues in my computer (I don't remember which) and now my gmail will start opening until it reaches 75% and it will not go on opening.
    I can open it in Internet Explorer but not in Mozilla Firefox

    Clear the cache and the cookies from sites that cause problems.
    "Clear the Cache":
    *Tools > Options > Advanced > Network > Cached Web Content: "Clear Now"
    "Remove Cookies" from sites causing problems:
    *Tools > Options > Privacy > Cookies: "Show Cookies"
    Start Firefox in Safe Mode to check if one of the extensions or if hardware acceleration is causing the problem (switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance/Themes).
    *Don't make any changes on the Safe mode start window.
    *https://support.mozilla.org/kb/Safe+Mode
    *https://support.mozilla.org/kb/Troubleshooting+extensions+and+themes

  • HT5642 I need to update iOS 6.1.3 on my iPad2 to 6.1.6, due to security issue. Why is no update available? I do NOT want to install iOS 7, due to memory limitations.

    I need to update iOS 6.1.3 on my iPad2 to 6.1.6, due to security issue. Why is no update available? I do NOT want to install iOS 7, due to memory limitations.

    Any upgrade will be to the most recent, compatible version, in this case 7.0.6.

  • Using latest version of fireFox to access Think Central, pages will not load and they say that this is a security issue with FireFox?

    Teachers in our district are supposed to use www.thinkcentral.com with FireFox.
    Some have no problem accessing the lesson plans.
    Most when they login click on a lesson plan and an icon shows up that says loading but never does.
    If you reboot the computer and login you can open a page once but not a second time and no other lessons will open.
    Think Central support says this is a security issue with Firefox.
    I have updated FireFox, all the Adobe, Reader, Flash, Air and Shockwave. As well as Java.
    I have allowed the pop ups to the think Central web site.
    Any help would be appreciated

    Are there any notification icons on the left end of the address bar? If so, please click them to see whether they related to security issues (such as blocked content - shield icon: "How does content that isn't secure affect my safety?") or a plugin requiring permission (Lego-like icon).
    Does Think Central have any help pages about this issue? Without an account, it is difficult to explore the issue first-hand.

  • HFM Security Issue - User can submit a journal by by-passing the approval step even though they are not an admin.

    Hi All,
    I was wondering if anyone could help me with a HFM security issue on HFM 11.1.2.3 we are facing please?
    The problem is that a user can by-pass the journal approval stage and post directly after submitting if Custom4 access control=All is selected.
    If any of the other access controls (None, Read, Promote) for custom 4 are selected, the first two steps of the process are possible -
    input and approval of the journal are possible but final posting of the journal is not and returns an error that says:
    "User does not have the access right to perform this journal task"
    The options I have thought for a workaround are as follows:
    1. Set up a 3rd user called data poster and remove submit journal role from user 1 (data inputter)
    2. Put in place process control and use the various review levels (could be quite time consuming given there is no time left for development)
    Has anyone experienced this before and come up with a quick way of resolving this please? It would be very much appreciated.
    We have two types of users who are associated with groups in HFM and have the appropriate roles assigned to them to complete their tasks,
    they are:
    1. A data Inputter (who inputs base data and journals, who has access to create and submit journals)
    2. A data reviewer (who approves journals)
    The process is as follows:
    1. Logon as Data inputter to submit the journals
    2. Logon as Data reviewer to approve the journals
    3. Logon as Data inputter to post the Journals
    We are using the custom 4 member to identify different adjustment types. At the moment we are able to set it up in such a way whereby Steps 1 and 2 can be completed
    but once it comes back to step 3, we get an error as follows:
    "User does not have the access right to perform this journal task"
    (This error comes about when the access control on custom 4 is set to None, Read, Promote)
    Custom 4 Access Rights looks as follows:
                  C4_ADJ01   C4_ADJ02   C4_ADJ03   C4_ADJ04
    HFMDefault    Read       Read       Read       Read
    HFMLoad       All        Promote    None       Read
    HFMReview     Read       All        All        All
    When Custom 4=C4_ADJ01 all 3 steps can be completed but it by-passes step 2 (journal approval).
    For all other Custom 4 we complete steps 1 and 2 successfully but not step 3 due to access issues.
    Roles for the groups that users assigned look like the following:
    Test User Name, Test User Name, Access Rights
    1, Base Data input/Journal Data input, test_HFMLoad:
       Reviewer 1, Review Supervisor, Create Journals, Read Journals, Database Management, Enable write back in Web Grid, Load Excel Data, Generate Recurring, Post Journals, Create Unbalanced Journals, Manage Templates, Data Form Write Back from Excel, Consolidate
    2, Data Reviewer, test_HFMReview:
       Reviewer 1, Review Supervisor, Create Journals, Read Journals, Database Management, Approve Journals, Consolidate, Reviewer 2, Generate Recurring, Manage Templates, Create Unbalanced Journals
    Any help or advice would be much appreciated.
    Thanks in advance,
    M.

  • Powerview Cannot connect to the server due to a security issue. The server may not have been able to match the host for silverlight

    Hello,
    I have a SharePoint 2010 SP1 CU Dec 2011 server with a SQL Server 2012 SP1 CU4 reporting services instance. I am able to open Power View and use it normally when bypassing the ISA Reverse Proxy server. However when going thru ISA I receive the following Error.
    Power View  Cannot connect to the server due to a security issue.  The server may not have been able to match the host for Silverlight.  This error appears after I click yes on an Internet Explorer Display Mixed Mode prompt.
    I've seen a couple references to this issue but not much.  This one mentions a clientaccesspolicy.xml file but I haven't had any luck with that.  http://connect.microsoft.com/SQLServer/feedback/details/716433/cannot-connect-to-the-server-due-to-a-security-issue-the-server-may-not-have-been-able-to-match-the-host-for-silverlight
    Any Ideas?  Thanks.
    Ryan

    Hi Ryan,
    Based on my research, the issue should occur due to a by design behavior in Threat Management Gateway (TMG). To work around this issue, you can use SSL between the TMG and the SharePoint Web Server.
    Hope this helps.
    Regards,
    Mike Yin
    TechNet Community Support

  • Windows 8 Remote Desktop Error "The Requested Security Package Does Not Exist"

    When my remote host (win server 2008 R2) is configured to use SSL for security layer, RDP from my Windows 8 gets
    "An authentication error has occurred. The requested security package does not exist."
    When the host is set to use RDP security layer, it works fine.
    Registry key solution for Win7 suggested on other posts does not seem to apply to win8.
    This is a Lenovo desktop, I uninstalled Silverlight and a bunch of other OEM installed programs.

    This fixed my problem in Windows 8 while connecting to a Windows 7 host.  I needed the pku2u entry.  I decided to look it up and here's the info for anyone that's interested.
    Introducing PKU2U in Windows
    Applies To: Windows 7, Windows Server 2008 R2
    This product evaluation topic for the IT professional describes the Public Key Cryptography Based User-to-User (PKU2U) security support provider (SSP) that is new in Windows 7 and Windows Server 2008 R2.
    PKU2U protocol
    The PKU2U protocol in Windows 7 and Windows Server 2008 R2 is implemented as an SSP. The SSP enables peer-to-peer authentication, particularly through the Windows 7 media and file sharing feature called Homegroup, which permits sharing between computers that are not members of a domain.
    How PKU2U works
    Windows 7 and Windows Server 2008 R2 introduce an extension to the Negotiate authentication package, Spnego.dll. In previous versions of Windows, Negotiate decides whether to use Kerberos or NTLM for authentication. The extension SSP for Negotiate, Negoexts, which is treated as an authentication protocol by Windows, supports Microsoft SSPs including PKU2U. You can also develop or add other SSPs.
    When computers are configured to accept authentication requests by using online IDs, Negoexts.dll calls the PKU2U SSP on the computer that is used to log on. The PKU2U SSP obtains a local certificate and exchanges the policy between the peer computers. When validated on the peer computer, the certificate within the metadata is sent to the logon peer for validation and associates the user's certificate to a security token and the logon process completes.
    For more information about developing SSPs, see Custom Security Packages in the MSDN Library.
    For more information about the Negotiate extensions (Negoexts), see Introducing Extensions to the Negotiate Authentication Package.

  • HT5919 My company will not allow us to download iOS 7 due to software / security issues on our end. The problem is I need to download Numbers but it says I need iOS 7. Is there any way to get an earlier update that doesn't require iOS 7?

    My company will not allow us to download iOS 7 due to software / security issues on our end. The problem is I need to download Numbers but it says I need iOS 7. Is there any way to get an earlier update of Numbers that doesn't require iOS 7?

    Thank you so much! It's updating now. I'm hoping that once the update is finished that it will sync like normal as well. Of course I'm still a bit confused/concerned about how it refused to update on its own, but for now that's not a problem. Hopefully from now on there won't be any more problems.
